<?php

require_once("includes/init.inc.php");

/* TODO: Add code here */
$userName = "";
$password = ""; // on ne v�rifie pas le mot de passe, je le laisse au cas o�

if(!isset($_POST["username"])) {
	$_SESSION["user_id"] = -1;
	header('Location: login.php?error=true');
	die("RENTRE UN BON NOM D'USAGER!!!");
}

if(!isset($_POST["password"])) {
	$_SESSION['user_id'] = -1;
	header('Location: login.php?error=true');
	die("RENTRE UN BON MOT DE PASSE!!!");
}

mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWD) or die(mysql_error());
$userName = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string($_POST["password"]);

// on v�rifie que le champs username ne soit pas vide
if(trim($userName) == ""){
	$_SESSION['user_id'] = -1;
	header( 'Location: login.php?error=true' ) ;
	die("RENTRE UN BON NOM D'USAGER!!!");
}

// chercher le username dans la BD
// TODO: COMMENTER CES LIGNES SI VOUS N'AVEZ PAS DE BD LOCALE
mysql_select_db(DB_NAME) or die(mysql_error());
$result = mysql_query(
	"SELECT id FROM user 
	WHERE username = '".trim($userName)."'
		AND password = '".trim($password)."'") or die(mysql_error());
if($row = mysql_fetch_array( $result )){
	$_SESSION['user_id'] = $row[0];
	header( 'Location: main.php' ) ;
	die("Merci.");
} 

?>
